Free Strong Password Generator
Generate cryptographically random passwords up to 128 characters. Customize length, character types, and exclude lookalike characters. Everything runs locally — your passwords are never logged or transmitted.
I1R.tSNJq2-Y4cyJfjf3Brute force: longer than the age of the universe
Has this password been leaked?
Checked against the Have I Been Pwned database using k-anonymity — only the first 5 chars of the SHA-1 hash are sent.
Useful if a system rejects specific chars.
Password tips
- Use 16+ characters for personal accounts, 20+ for banking and email.
- Never reuse passwords across sites — a breach on one site exposes all of them.
- Use a password manager so you only memorize one master password.
- Enable 2FA on every account that supports it — even a strong password is no defense against phishing.
Frequently asked questions
How long should my password be?
At least 16 characters for personal accounts, 20+ for banking and email. Each extra character roughly multiplies the time needed to brute-force by the size of the character set.
Are these passwords logged?
No. Generation uses crypto.getRandomValues() locally. Nothing is sent to any server. Generated passwords exist only in your browser's memory until you close the tab.
Should I memorize my passwords?
No. Use a password manager (Bitwarden, 1Password, KeePass) to store unique passwords for every account. Memorize only the master password.
Why exclude lookalike characters?
Characters like 0/O, 1/l/I, 5/S can be misread when copying from a printed page or screenshot. Excluding them improves usability without meaningfully reducing strength.